All termsPaymentsIntermediateUpdated April 22, 2026

What Is Mail Order / Telephone Order (MOTO)?

MOTO (Mail Order / Telephone Order) refers to card-not-present transactions where a customer provides payment details via mail or phone rather than in person. These transactions carry higher fraud risk and distinct processing rules compared to in-person payments.

Also known as: MOTO payments, Mail order payments, Telephone order payments, Remote card acceptance

Key Takeaways

  • MOTO transactions are card-not-present payments taken via phone or mail, carrying higher fraud risk and interchange rates than in-person payments.
  • Merchants must use a virtual terminal or manual-keyed entry workflow and maintain PCI DSS compliance for all systems that touch card data.
  • 3D Secure cannot be applied to MOTO transactions; alternative controls like AVS, CVV checks, and manual review are essential.
  • Chargebacks are more common in MOTO channels — clear order records, signed authorization forms, and call recordings (redacted of card data) are critical evidence.
  • Payment orchestration platforms can route MOTO transactions to acquirers with the most favorable MOTO rates and fraud tools automatically.

How Mail Order / Telephone Order (MOTO) Works

01

Customer Initiates the Order

The customer contacts the merchant by phone or sends a paper order form by mail. They provide their card number, expiration date, billing address, and CVV/CVC verbally or in writing. The merchant's agent records this information — without storing sensitive authentication data beyond what is needed for processing.

02

Agent Enters Card Data into a Virtual Terminal

The agent logs into a virtual terminal — a secure, web-based interface — and manually keys in the card details captured from the customer. This step is also known as manual-keyed entry. The agent may also enter order details, billing address, and any merchant-defined fields for record-keeping.

03

Authorization Request Is Sent

The payment gateway encrypts the transaction data and forwards it to the acquiring bank, which routes the authorization request to the relevant card network (Visa, Mastercard, Amex, etc.) and on to the issuing bank. The transaction is flagged with a MOTO transaction type indicator (ECI 01 for telephone, ECI 02 for mail order) so that processors and issuers apply the correct interchange rules.

04

Verification Checks Are Run

Because the cardholder is not physically present, the gateway applies compensating controls: Address Verification Service (AVS) matches the billing address provided against the issuer's records, and the CVV/CVC value is validated. Fraud scoring tools may also analyze velocity, device signals (for digital forms), and behavioral patterns before returning a recommendation.

05

Authorization Response and Fulfillment

The issuer returns an approval or decline code. On approval, the merchant fulfills the order — shipping goods or delivering services — and the transaction is captured (settled) at end of day or at fulfillment. The cardholder sees the charge on their statement, and the merchant receives funds minus interchange, network fees, and processor margin.

06

Recordkeeping and Dispute Management

MOTO merchants should retain order forms, call recordings (scrubbed of full card numbers per PCI DSS), delivery confirmations, and any signed authorization agreements. This evidence is critical if the cardholder initiates a chargeback — a risk that is statistically higher for card-not-present channels than for in-person transactions.


Why Mail Order / Telephone Order (MOTO) Matters

MOTO may feel like a legacy channel, but it remains commercially significant across several industries and demographic segments.

Market Size

Telephone and mail order retail in the United States generates over $500 billion in annual revenue, according to U.S. Census Bureau data on non-store retail. A substantial portion of these sales involve card-based MOTO transactions.

Higher fraud exposure, but manageable. Card-not-present fraud — which includes both MOTO and e-commerce — accounted for 73% of all card fraud losses in the United States in recent years, per Nilson Report estimates. However, MOTO-specific fraud rates differ from e-commerce because the human agent introduces an additional verification layer: a trained agent can ask clarifying questions, detect inconsistencies in billing details, and flag suspicious orders before authorization.

Demographic and accessibility relevance. Approximately 15% of U.S. adults do not use the internet regularly, according to Pew Research. For merchants serving elderly customers, customers in low-connectivity regions, or industries with high-value, relationship-driven sales (insurance, financial services, healthcare), MOTO is not a legacy workaround — it is the primary channel. Removing it would exclude a meaningful customer segment.

Interchange economics. Because card networks categorize MOTO transactions under card-not-present interchange tiers, merchants pay a premium over card-present rates. Optimizing acquirer routing and ensuring correct ECI codes are submitted can meaningfully reduce effective processing costs for high-volume MOTO merchants.


Mail Order / Telephone Order (MOTO) vs. E-Commerce CNP

Both MOTO and e-commerce are card-not-present transaction types, but they differ in meaningful ways that affect authentication, fraud tooling, and compliance obligations.

DimensionMOTOE-Commerce CNP
Order channelPhone call or paper mail formWebsite, app, or digital checkout
3D Secure (3DS)Not applicable — no web sessionSupported; liability shift available
Authentication methodAVS + CVV + manual agent reviewAVS + CVV + 3DS + device fingerprint
ECI code01 (telephone) / 02 (mail)07 (3DS success) / 06 (attempted)
Interchange tierCNP non-authenticatedCNP authenticated (lower with 3DS)
Chargeback liabilityAlways with merchantShifts to issuer when 3DS succeeds
PCI DSS SAQTypically SAQ C-VTSAQ A, A-EP, or D depending on setup
Fraud toolingAVS, CVV, velocity, manual reviewAll of the above + behavioral analytics, device signals
Human involvementRequired (agent keys data)Optional (customer self-serves)

The key practical difference: e-commerce merchants can reduce chargeback liability through 3DS authentication, while MOTO merchants cannot. This makes strong order documentation and manual review processes more critical in MOTO channels.


Types of Mail Order / Telephone Order (MOTO)

Pure Mail Order (ECI 02) The customer completes a paper order form and mails it with payment card details. Common in catalog retail, magazine subscriptions, and charitable donation campaigns. Processing typically occurs in batch after the form is received and data-entered.

Telephone Order (ECI 01) A customer-service or sales agent takes payment details verbally over the phone. Widely used in insurance, travel, healthcare scheduling, and B2B sales. Real-time authorization is typically processed during the call so the agent can confirm success before ending the conversation.

Recurring MOTO Some merchants use MOTO as the basis for recurring billing — a customer provides card details by phone once, and the merchant stores a token to bill subsequent periods. This requires explicit written or recorded authorization and careful handling of stored-credential transaction flags to qualify for recurring interchange rates.

IVR (Interactive Voice Response) Payments A variant where the customer enters card details via their phone keypad into an automated system, with no live agent involved. IVR payments reduce PCI DSS scope by keeping card data away from human agents entirely and can be processed as MOTO transactions.

Agent-Assisted Web Orders An agent co-browses or completes a web form on behalf of a customer who calls in. Depending on implementation, these may be classified as MOTO or e-commerce — merchants should work with their processor to ensure correct ECI coding.


Best Practices

For Merchants

Use tokenization immediately. Never store raw card numbers beyond the moment of authorization. Integrate with a tokenization service so that only tokens are retained in your order management system. This dramatically reduces PCI DSS scope and breach impact.

Maintain signed or recorded authorizations. For telephone orders, record calls (with appropriate consent disclosures) and retain recordings for at least 18 months. For mail orders, retain the original signed order form. These records are your primary defense in a chargeback dispute.

Train agents on fraud signals. Common MOTO fraud indicators include: billing and shipping addresses that don't match, rush shipping requests on first-time orders, multiple orders with different cards to the same address, and customers who push back when asked security questions. Regular agent training reduces fraud losses more cost-effectively than technology alone for many MOTO merchants.

Implement velocity controls. Set per-card and per-address limits on daily transaction volume at the gateway level. MOTO channels are frequently targeted by card-testing attacks where fraudsters use agents or bots to test stolen card numbers in small increments.

Segment MOTO and e-commerce processing. If you run both channels, use separate merchant IDs (MIDs) or at minimum separate virtual terminals. This keeps interchange categories clean and makes fraud analysis and reporting more actionable.

For Developers

Submit correct ECI values. Ensure your integration always passes ECI 01 for telephone orders and ECI 02 for mail orders. Incorrect or missing ECI values can result in downgrades to less favorable interchange tiers or failed transactions.

Implement AVS and CVV checks at the gateway level. Configure your payment gateway to decline or flag transactions where AVS returns a no-match and CVV fails simultaneously. Both signals together are a strong fraud indicator in MOTO flows.

Scope PCI DSS correctly. If your virtual terminal is hosted by your payment processor and agents access it through a browser without any card data touching your servers, you may qualify for SAQ C-VT — the lightest MOTO SAQ tier. Document this scope clearly and review it annually.

Build audit logging into your agent tooling. Log every field change, authorization attempt, and agent action for every MOTO order. This data supports both fraud investigations and chargeback responses.

Handle stored-credential flags for recurring MOTO. When billing a returning customer against a stored token, submit the correct stored-credential indicators (initial vs. subsequent, merchant-initiated vs. cardholder-initiated). Incorrect flags can trigger declines or increase interchange costs.


Common Mistakes

Recording CVV/CVC values. PCI DSS explicitly prohibits storing CVV/CVC after authorization — not just digitally, but in any form, including paper call logs, handwritten notes, or audio recordings. This is one of the most common PCI violations in telephone order environments and can result in significant fines and card acceptance suspension.

Skipping AVS on low-value orders. Merchants sometimes disable AVS checks below a certain order threshold to reduce false declines. Fraudsters know this and specifically target low-value MOTO transactions for card testing. AVS should be applied consistently regardless of order size.

Failing to get recurring authorization in writing. When enrolling a customer in a recurring billing arrangement over the phone, merchants must obtain explicit, documented consent. Failure to do so is the leading cause of "unauthorized recurring charge" chargebacks — among the hardest MOTO disputes to win without written evidence.

Incorrect transaction type coding. Submitting MOTO transactions with an e-commerce ECI code (or no ECI code) misrepresents the transaction type to the card network. This can trigger compliance reviews, interchange downgrades, and acquirer penalties.

Storing card numbers in CRM or ticketing systems. Agents sometimes paste card numbers into notes fields in CRM, helpdesk, or order management tools outside the PCI-compliant payment environment. This is a critical data security failure. Implement technical controls — such as field masking and clipboard monitoring — to prevent it.


Mail Order / Telephone Order (MOTO) and Tagada

MOTO Optimization with Tagada

Tagada's payment orchestration layer supports MOTO-specific routing logic: transactions flagged with MOTO ECI codes are automatically directed to acquirers that offer the most competitive CNP interchange rates and strongest fraud tooling for telephone and mail order channels. Merchants running both MOTO and e-commerce can manage both flows through a single integration, with per-channel fraud rules, routing waterfalls, and chargeback analytics in one dashboard. Stored-credential token management for recurring MOTO billing is handled natively, ensuring correct transaction flags are submitted on every subsequent charge.

Frequently Asked Questions

What does MOTO stand for in payments?

MOTO stands for Mail Order / Telephone Order. It describes any transaction where a customer provides their card details remotely — either by filling out a paper form sent by mail or by reading card information over the phone to an agent. Because the physical card and the cardholder are not present at the point of sale, MOTO transactions are classified as card-not-present (CNP) and processed under a separate set of interchange rates and fraud-management rules compared to in-person chip or contactless payments.

Are MOTO transactions more expensive to process?

Yes. Card networks charge higher interchange rates for MOTO transactions than for card-present transactions because the fraud and chargeback risk is greater. Acquirers and payment processors typically pass these higher rates on to merchants. The exact premium varies by card network, card type, and merchant category code (MCC), but merchants can generally expect to pay 20–50 basis points more per transaction than they would for an equivalent in-person payment.

Do MOTO transactions require 3D Secure authentication?

No. 3D Secure (3DS) is a browser- or app-based protocol designed for e-commerce checkout flows. MOTO transactions happen over the phone or via paper forms, so there is no web session through which to trigger a 3DS challenge. Instead, merchants rely on other verification methods such as Address Verification Service (AVS), Card Verification Value (CVV/CVC) checks, and manual review processes to authenticate the cardholder and reduce fraud exposure.

What equipment or software do merchants need to accept MOTO payments?

Merchants accepting MOTO payments typically use a virtual terminal — a web-based interface that allows staff to manually key in card details captured by phone or mail. The virtual terminal connects to a payment gateway, which routes the authorization request to the card network and the issuing bank. Some merchants use physical card imprinters or paper order forms for mail orders, then batch-enter the data. PCI DSS scope must be carefully evaluated for any system that handles raw card data, including paper forms.

How should merchants handle PCI DSS compliance for MOTO?

MOTO merchants must comply with PCI DSS requirements, but the applicable Self-Assessment Questionnaire (SAQ) depends on how card data is captured. Merchants who key data directly into a virtual terminal without storing cardholder data typically qualify for SAQ C-VT. Those who store, process, or transmit cardholder data in other ways may face stricter SAQ tiers or a full QSA assessment. Key controls include restricting access to cardholder data, avoiding recording calls that contain full card numbers, and never storing CVV/CVC values after authorization.

What is the difference between MOTO and e-commerce CNP transactions?

Both MOTO and e-commerce transactions are card-not-present, but they differ in how the order is placed and how authentication is handled. E-commerce transactions occur through a digital checkout and can leverage 3D Secure, device fingerprinting, and behavioral analytics. MOTO transactions are initiated by a human agent via phone or paper form, making real-time digital authentication impossible. This distinction affects interchange categories, chargeback rights, and the fraud tools available to merchants.

Tagada Platform

Mail Order / Telephone Order (MOTO) — built into Tagada

See how Tagada handles mail order / telephone order (moto) as part of its unified commerce infrastructure. One platform for payments, checkout, and growth.